Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:56, on 04-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\programmer\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rune\Skrivebord\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [NSLauncher] C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.adesk.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187945380421O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
--
End of file - 6890 bytes
---------------------COMBO FIX--------------------------------------------------------
ComboFix 08-03-04.3 - Rune 2008-03-04 21:33:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.1359 [GMT 1:00]
Running from: C:\Documents and Settings\Rune\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://58.65.234.25.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-04 21:17 . 2008-03-04 21:17 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-04 21:13 . 2008-03-04 21:30 <DIR> d-------- C:\SDFix
2008-03-04 21:13 . 2004-08-27 13:00 391,168 --a------ C:\CF21302.exe
2008-03-03 22:44 . 2008-03-03 22:44 268 --ah----- C:\sqmdata03.sqm
2008-03-03 22:44 . 2008-03-03 22:44 244 --ah----- C:\sqmnoopt03.sqm
2008-03-03 21:22 . 2008-03-03 21:22 85 --a------ C:\WINDOWS\wininit.ini
2008-03-03 21:03 . 2008-03-03 21:04 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-03-03 21:03 . 2008-03-03 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 20:37 . 2008-03-03 20:37 <DIR> dr------- C:\Documents and Settings\LocalService\Foretrukne
2008-03-03 20:29 . 2008-03-03 20:40 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 20:21 . 2008-03-02 20:21 <DIR> d-------- C:\Programmer\Lavasoft
2008-03-02 20:21 . 2008-03-02 20:21 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-02 18:02 . 2008-03-02 18:02 268 --ah----- C:\sqmdata02.sqm
2008-03-02 18:02 . 2008-03-02 18:02 244 --ah----- C:\sqmnoopt02.sqm
2008-02-29 15:47 . 2008-02-29 15:47 268 --ah----- C:\sqmdata01.sqm
2008-02-29 15:47 . 2008-02-29 15:47 244 --ah----- C:\sqmnoopt01.sqm
2008-02-27 20:28 . 2008-02-27 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-18 17:30 . 2008-02-18 17:30 <DIR> d-------- C:\Programmer\Teamspeak2_RC2
2008-02-18 17:30 . 2008-02-18 17:30 <DIR> d-------- C:\Documents and Settings\Rune\Application Data\teamspeak2
2008-02-18 17:30 . 2008-02-18 17:30 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-02-11 18:53 . 2008-02-27 20:00 <DIR> d-------- C:\Programmer\MediaAccumulativeCodec
2008-02-08 14:33 . 2008-02-27 20:00 <DIR> d-------- C:\Programmer\MediaEntertainmentCodec
2008-02-08 14:26 . 2008-02-08 14:26 <DIR> d-------- C:\Programmer\XP Codec Pack
2008-02-08 14:26 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 20:31 --------- d-----w C:\Programmer\Steam
2008-03-04 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\BullGuard
2008-03-02 17:30 --------- d-----w C:\Programmer\Nokia
2008-02-28 05:55 --------- d-----w C:\Programmer\Fælles filer\Teleca Shared
2008-02-27 19:00 --------- d-----w C:\Programmer\MediaAccumulativeCodec
2008-02-18 14:01 --------- d-----w C:\Documents and Settings\Rune\Application Data\Skype
2008-01-29 21:13 --------- d-----w C:\Documents and Settings\Rune\Application Data\Nero
2008-01-29 21:11 --------- d-----w C:\Programmer\Fælles filer\Nero
2008-01-29 21:09 --------- d-----w C:\Programmer\Nero
2008-01-29 21:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-29 21:02 --------- d-----w C:\Programmer\MagicISO
2008-01-29 20:57 --------- d-----w C:\Documents and Settings\Rune\Application Data\uTorrent
2008-01-11 05:40 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:54 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:13 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 20:34 308552]
"Steam"="c:\programmer\steam\steam.exe" [2007-12-01 11:19 1266936]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 15:21 1449984]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 13:49 16126464 C:\WINDOWS\RTHDCPL.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2007-10-21 20:34 308552]
"NSLauncher"="C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 00:12 2658304]
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25 1828136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe"=
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
R1 VFILT;BullGuard Firewall Kernel Driver;C:\Programmer\BullGuard Software\BullGuard\FwEngine\FiltNt.sys [2007-02-05 13:14]
R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2007-10-21 20:34]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2004-08-27 13:00]
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2004-08-27 13:00]
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\Protect.dll [2007-02-05 13:14]
R3 Reconn;BullGuard Email Monitor;C:\Programmer\BullGuard Software\BullGuard\reconn.sys [2007-02-05 13:17]
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\AdBlock.dll []
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll []
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;C:\Programmer\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll []
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
BullGuardFw REG_MULTI_SZ BsFwall
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-04 21:34:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background??r
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 21:34:27
ComboFix-quarantined-files.txt 2008-03-04 20:34:24
.
2008-02-14 02:03:24 --- E O F ---
-----------------------------------SD FIX---------------------------------------------
SDFix: Version 1.152 Run by Rune on 04-03-2008 at 21:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\alofkmn.dll - Deleted
C:\WINDOWS\fkxvkns.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-04 21:27:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X001[1].jpg 4646 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X001[2].jpg 4738 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X002[1].jpg 4428 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\x002[2].jpg 4174 bytes
C:\Documents and Settings\Rune\Lokale indstillinger\Temporary Internet Files\Content.IE5\IZUO0ATI\X002[3].jpg 4637 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 15
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\uTorrent\\uTorrent.exe"="C:\\Programmer\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe"="C:\\Programmer\\Steam\\SteamApps\\skaterbong\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe"="C:\\Programmer\\Steam\\SteamApps\\skaterbong\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Programmer\\Skype\\Phone\\Skype.exe"="C:\\Programmer\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe"
Fri 24 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"
Sun 27 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT4.tmp"
Tue 4 Mar 2008 48 A..H. --- "C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp"
Finished!